Re: Create an alert when multiple files are delete...

mishmeret · ‎11-16-2021

Hi,

I am trying to create an alert that triggers when more than 5 files are deleted in less than 3 minutes from the app we monitor.

For some reason, the alert only works for single file deletion but does not work when I set it for. a number of events. any idea why? would love to get some help

isoutamo · ‎11-16-2021

Can you post your SPL and some sample events?

mishmeret · ‎11-16-2021

attached a screen shot, in the actions it send an email to out ticking system

isoutamo · ‎11-16-2021

How about actual SPL query and event samples?

mishmeret · ‎11-16-2021

thats the query I used: host="ip-of the host" "event_type..tag"=file_delete

works for single file deletion

mishmeret · ‎11-16-2021

Create an alert when multiple files are deleted

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation